Related New Post: How to Fix Downadup? How to escape from it? How it spreads?
Finland based firm, F-Secure Corp has estimated that 3.5 million PCs have been compromised by the “Downadup” worm, an increase of more than 1.1 million since Tuesday. This worm, which exploits a months-old Windows bug has infected more than a million PCs in the past 24 hours alone.
The worm, which several security companies have described as surging dramatically during the past few days, exploits a bug in the Windows Server service used by all supported versions of Microsoft Corp.’s operating system, including Windows 2000, XP, Vista, Server 2003 and Server 2008.
The soaring number of infections by Downadup, also called “Conficker” by some security companies, prompted Microsoft to add detection for the worm to its Malicious Software Removal Tool (MSRT), the anti-malware utility that the company updates and redistributes each month to Windows machines. The MSRT scans for known malware, then scrubs the system of any it finds.
It appears that the highest number of infection reports had come from the U.S., Canada, Mexico, Korea and several European countries, including the U.K., France and Germany. The worm generates hundreds of possible domain names daily using a complex algorithm. Those controlling this worm only need to predetermine one possible domain for tomorrow, register it and set up a Web site, and they then gain access to all of the infected machines. Pretty clever. Even so, F-Secure has registered some of the possible hosting domains so that it can eavesdrop on the attackers and get an idea of the number of infected PCs.
So, what is the fix for Downadup worm?
Microsoft recommended that Windows users install the October update, then run the January edition of the MSRT to clean up compromised computers.
It’s not clear whether the hackers behind Downadup are building a botnet of their own. For the moment, they seem satisfied with feeding victims fake security software, which pesters users with pop-ups until they pay for the worthless program.
I suggest everyone to apply the above suggested patch and be safe.